On Tue, 28 Nov 2000 [EMAIL PROTECTED] wrote:
> Kirk,
>
> I hope this isn't too basic, but did you re-compile the rules after the
> change?
> I've made this mistake myself, so now I always keep it in mind when I do
> NAT changes. Good luck.
Ugh. Yep, that was it.
Thanx much Harley...
- Kirk
>
> Kirk Vogelsang <[EMAIL PROTECTED]> on 11/28/2000 01:31:56 PM
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Harley S. Sanders/BAIS/BAReston)
>
> Subject: [FW1] fwxlconf not un-NAT'ing addresses
>
>
>
>
>
> I'm having some trouble trying to un-NAT some addresses on
> FW-1 4.0 Solaris using fwxlconf.
>
> The addresses in question are:
>
> 10.10.30.65
> 10.10.100.34
> 10.10.100.35
>
> Those addresses were getting translated before. Now, I'd like
> for them to stay as is without xlation.
>
> Here's what my xlate.conf looks like (with bogus IP's):
>
> fwx_translation={
> <0, 10.10.102.2, 10.10.102.254, FWXT_DST_STATIC, 172.16.37.2, 0>,
> <1, 10.10.103.2, 10.10.103.254, FWXT_DST_STATIC, 172.16.38.2, 0>,
> <2, 172.16.37.2, 172.16.37.254, FWXT_SRC_STATIC, 10.10.102.2, 0>,
> <3, 172.16.38.2, 172.16.38.254, FWXT_SRC_STATIC, 10.10.103.2, 0>,
> <4, 10.10.30.65, 10.10.30.65, FWXT_SRC_STATIC, 10.10.30.65, 0>,
> <5, 10.10.100.34, 10.10.100.34, FWXT_SRC_STATIC, 10.10.100.34, 0>,
> <6, 10.10.100.35, 10.10.100.35, FWXT_SRC_STATIC, 10.10.100.35, 0>,
> <7, 10.10.2.0, 10.10.9.32, FWXT_HIDE, 10.10.11.11, 0>,
> <8, 10.10.9.34, 10.10.11.10, FWXT_HIDE, 10.10.11.11, 0>,
> <9, 10.10.11.12, 10.10.30.4, FWXT_HIDE, 10.10.11.11, 0>,
> <10, 10.10.30.6, 10.10.30.8, FWXT_HIDE, 10.10.11.11, 0>,
> <11, 10.10.30.10, 10.10.30.19, FWXT_HIDE, 10.10.11.11, 0>,
> <12, 10.10.30.21, 10.10.30.54, FWXT_HIDE, 10.10.11.11, 0>,
> <13, 10.10.30.56, 10.10.30.56, FWXT_HIDE, 10.10.11.11, 0>,
> <14, 10.10.30.58, 10.10.30.70, FWXT_HIDE, 10.10.11.11, 0>,
> <15, 10.10.30.72, 10.10.30.129, FWXT_HIDE, 10.10.11.11, 0>,
> <16, 10.10.30.130, 10.10.30.130, FWXT_HIDE, 10.10.9.50, 0>,
> <17, 10.10.30.131, 10.10.101.255, FWXT_HIDE, 10.10.11.11, 0>,
> <18, 10.10.105.3, 10.10.148.255, FWXT_HIDE, 10.10.11.11, 0>
> };
>
> The old xlate.conf was identical, minus #'s 4, 5 and 6.
> I've also tried punching holes in the ranges to exclude the 3 addresses
> above, rather than using the SRC_STATIC, but that didn't work either.
>
> After making the changes, I've fwstop'd and fwstart'd and even
> rebooted the firewall, but no deal. They still get NAT'd to
> 10.10.11.11.
>
> I've never had this much trouble before. Anyone have any ideas
> as to what I might be missing?
>
> -----
> Kirk M. Vogelsang <[EMAIL PROTECTED]>
> Northeastern University College of Computer Science
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
>
>
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
-----
Kirk M. Vogelsang <[EMAIL PROTECTED]>
Northeastern University College of Computer Science
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
